产品环境中的django + ldap3错误
[英]django + ldap3 error on prod envirounment
问题描述
Please help, i have next issue. 
请帮助,我有下一个问题。 I have django 1.8 (python 3.3.5, centos 7) app with ldap authentication through external MS AD server. 我有通过外部MS AD服务器进行ldap身份验证的django 1.8(python 3.3.5,centos 7)应用程序。 On my local dev envirounment everything is working fine and it is possible to authorize in the app, but after migration to the prod with Apache server it fails with Error permission denied. 在我的本地开发人员环境中,一切正常,可以在应用程序中进行授权,但是在使用Apache服务器迁移到产品后,它会失败,并且错误权限被拒绝。 I am using ldap3 with django-python3-ldap https://github.com/etianen/django-python3-ldap 我正在将ldap3与django-python3-ldap https://github.com/etianen/django-python3-ldap一起使用
Error: 错误:
DAPSocketOpenError at /login/
('unable to open socket', [(datetime.datetime(2015, 12, 8, 14, 53, 5, 22728), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket connection error: [Errno 13] Permission denied',), ('172.20.48.12', 389)), (datetime.datetime(2015, 12, 8, 14, 53, 5, 23125), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket connection error: [Errno 13] Permission denied',), ('172.20.48.11', 389))])
Exception Location: /usr/local/lib/python3.3/site-packages/ldap3/strategy/base.py in open, line 136
Connection line from the exception: 连接线例外:
Connection(server=Server(host='ldap.server.corp', port=389, use_ssl=False, get_info='NO_INFO'), user='COMPANY\\user', password=u'value_password', auto_bind='NO_TLS', version=3, authentication='SIMPLE', client_strategy='SYNC', auto_referrals=True, check_names=True, read_only=False, lazy=False, raise_exceptions=False, fast_decoder=True)
When i start the app on dev django server - it is working fine, but when i run it through the apache it fails. 当我在django服务器上启动该应用程序时-它工作正常,但是当我通过apache运行它时失败了。 I can share any details if there is such need. 如果有需要,我可以分享任何细节。 Thank you. 谢谢。
2 个解决方案
解决方案1
2 2018-07-04 10:00:52
This is probably due to SELinux permissions. 这可能是由于SELinux权限。 httpd is unable to create the socket to connect to the LDAP. httpd无法创建套接字以连接到LDAP。 There is no need to disable SELinux completely. 无需完全禁用SELinux。
First do a check with 首先做一个检查
getsebool -a | grep ldap # check SE booleans
You should see 你应该看到
authlogin_nsswitch_use_ldap --> off
dhcpd_use_ldap --> off
httpd_can_connect_ldap --> off
Set the boolean with the following command 使用以下命令设置布尔值
setsebool -P httpd_can_connect_ldap 1 #-P turns sets the boolean permanently (persist across reboots)
End result 最终结果
authlogin_nsswitch_use_ldap --> off
dhcpd_use_ldap --> off
httpd_can_connect_ldap --> on
解决方案2
0 2015-12-10 07:20:44
With which user are you running Apache? 您与哪个用户一起运行Apache? probably it can't open sockets. 可能无法打开套接字。 Also if you're using wsgi check the user that run the python interpreter. 另外,如果您使用的是wsgi,请检查运行python解释器的用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.